Aaron Parecki<https://x.com/aaronpk> and I published a new version of the "OAuth 2.0 Protected Resource Metadata" specification that addresses the review comments received since the IETF Last Call. Per the history entries, the changes were:

* Added metadata values declaring support for DPoP and mutual-TLS client certificate-bound access tokens.
* Added missing word caught during IANA review.
* Addressed ART, SecDir, and OpsDir review comments by Arnt Gulbrandsen, David Mandelberg, and Bo Wu, resulting in the following changes:
* Added step numbers to sequence diagram.
* Defined meaning of omitting bearer_methods_supported metadata parameter.
* Added internationalization of human-readable metadata values using the mechanism from [RFC7591<https://www.rfc-editor.org/rfc/rfc7591.html>].
* Added resource_name metadata parameter, paralleling client_name in [RFC7591<https://www.rfc-editor.org/rfc/rfc7591.html>].
* Added Security Considerations section on metadata caching.
* Used and referenced Resource Identifier definition.
* Added motivating example of an email client to intro.

The specification is available at:

* https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-09.html

-- Mike

P.S. This note was also posted at https://self-issued.info/?p=2569 and referenced from https://x.com/selfissued/status/1834763444899528772 and https://www.linkedin.com/posts/selfissued_oauth-20-protected-resource-metadata-draft-activity-7240529820818808832-oOYU/.